
amazon web services - How to capture output from CrowdStrike Falcon Sensor PowerShell script? - Stack Overflow


I am attempting to automate the installation of the CrowdStrike Falcon Sensor on Windows using the CrowdStrike authored PowerShell script found at https://github/CrowdStrike/falcon-scripts/blob/main/powershell/install/README.md

From the PowerShell CLI I run this command:

$output = & .\falcon_windows_install.ps1 -FalconCloud us-gov-1 -FalconClientId <FALCON_CLIENT_ID> -FalconClientSecret <FALCON_CLIENT_SECRET> -GetAccessToken *>&1 | Out-String

and the token displays on the CLI.

I then run this command:

Write-Output "$output"

This displays nothing.

The falcon_windows_install.ps1 script is outputting the token with this code:

    if ($GetAccessToken -eq $true) {
        Write-Output $content.access_token | out-host
        exit 0
    }

How to capture the token that is output from the falcon_windows_install.ps1 into a variable?

My ultimate objective is to create an AWS SSM Document that can install the CrowdStrike Falcon Sensor on Windows EC2 instances.

Asked Mar 25 at 19:34 by Brian G; edited Mar 25 at 19:51.

1 Answer

  • The (seemingly poorly crafted) falcon_windows_install.ps1 installation script uses Out-Host, which by design bypasses PowerShell's system of output streams and instead prints directly to the PowerShell host (typically, a console / terminal).

  • Inside a PowerShell session, you can therefore not capture or redirect Out-Host output, but you can if you call via the PowerShell CLI (powershell.exe for Windows PowerShell, pwsh.exe for PowerShell (Core) 7), as shown next:

$output = powershell.exe -File .\falcon_windows_install.ps1 -FalconCloud us-gov-1 -FalconClientId <FALCON_CLIENT_ID> -FalconClientSecret <FALCON_CLIENT_SECRET> -GetAccessToken

Note:

  • Calling the CLI of necessity creates a child process, which not only incurs a performance penalty, but also prevents the installation script from modifying the calling session, such as by setting process-level environment variables.

  • By (problematic) design, all of PowerShell's output streams - as well as Out-Host output - are reported via the powershell.exe child process' stdout stream, so the *>&1 redirection isn't necessary, given that even error-stream output is reported via stdout rather than stderr by default - unless a 2> redirection is used.[1]

  • The above also omits your Out-String call, as it doesn't seem to be necessary, given that the installation script appears to output a single-line value.

    • PowerShell collects stdout output from external programs line by line, creating an array of strings if more than one line is output.
    • If you do need to collect multiple output lines as a single, multiline string, you can use Out-String, but note that it invariably appends a trailing newline. [2]
      • You can avoid this problem by using a -join operation instead:

        $output = (powershell.exe ...) -join [Environment]::NewLine
        

[1] See GitHub issue #7989 for a discussion of this problematic behavior.

[2] See GitHub issue #14444 for a discussion of this problematic behavior.
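
The behaviour described in the answer, as an added example that is not part of the original answer or of CrowdStrike's script: a constructed stand-in script (the file name `outhost_demo.ps1`, the function `Get-OutHostText` and the sample token are all hypothetical) prints through Out-Host, and the value is captured only when the script runs in a child PowerShell process. It assumes the execution policy allows running local scripts.

```powershell
# Constructed stand-in for the install script: it prints a value the same way
# the snippet quoted in the question does (Write-Output piped to Out-Host, exit 0).
$demo = Join-Path ([IO.Path]::GetTempPath()) 'outhost_demo.ps1'   # hypothetical name
Set-Content -LiteralPath $demo -Value @'
param([switch]$GetAccessToken)
$content = [pscustomobject]@{ access_token = 'CONSTRUCTED-SAMPLE-TOKEN' }
if ($GetAccessToken -eq $true) {
    Write-Output $content.access_token | Out-Host
    exit 0
}
'@

function Get-OutHostText {
    # Hypothetical helper: runs a script in a child PowerShell process and
    # returns everything it printed, including Out-Host output.
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [string[]] $ScriptArgs = @()
    )
    # Use the CLI that matches the current edition (pwsh for PowerShell 7).
    $exe = if ($PSVersionTable.PSEdition -eq 'Core') { 'pwsh' } else { 'powershell.exe' }
    $lines = & $exe -NoProfile -File $Path @ScriptArgs
    # Fail loudly instead of treating error text on stdout as the value.
    if ($LASTEXITCODE -ne 0) { throw "script exited with code $LASTEXITCODE" }
    # stdout is collected line by line; -join avoids the trailing newline
    # that Out-String would append.
    ($lines -join [Environment]::NewLine).Trim()
}

# 1) In-session call, as in the question: the value is printed by the host,
#    but nothing reaches the variable.
$inSession = & $demo -GetAccessToken *>&1 | Out-String

# 2) Child-process call, as in the answer: Out-Host output arrives on stdout.
$viaChild = Get-OutHostText -Path $demo -ScriptArgs '-GetAccessToken'

# Report whether each capture worked without echoing the value itself, so a
# real token would not end up in console or job output.
"in-session capture is empty : $([string]::IsNullOrEmpty($inSession))"
"child-process capture length: $($viaChild.Length)"

Remove-Item -LiteralPath $demo
```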
